Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(717)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: ipc/attachment_broker_privileged_win.h

Issue 1979533003: Fix an attachment broker race condition. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « ipc/attachment_broker_privileged.h ('k') | ipc/attachment_broker_privileged_win.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ipc/attachment_broker_privileged_win.h
diff --git a/ipc/attachment_broker_privileged_win.h b/ipc/attachment_broker_privileged_win.h
index 467a97776ee51aee9b045ef2fb0fa8740948ed94..bf2eec82f15fcd760015cbadd1bc81181c2e6b80 100644
--- a/ipc/attachment_broker_privileged_win.h
+++ b/ipc/attachment_broker_privileged_win.h
@@ -5,6 +5,9 @@
#ifndef IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_
#define IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_
+#include <map>
+#include <vector>
+
#include "base/macros.h"
#include "ipc/attachment_broker_privileged.h"
#include "ipc/handle_attachment_win.h"
@@ -24,6 +27,7 @@ class IPC_EXPORT AttachmentBrokerPrivilegedWin
bool SendAttachmentToProcess(
const scoped_refptr<IPC::BrokerableAttachment>& attachment,
base::ProcessId destination_process) override;
+ void ReceivedPeerPid(base::ProcessId peer_pid) override;
// IPC::Listener overrides.
bool OnMessageReceived(const Message& message) override;
@@ -44,7 +48,23 @@ class IPC_EXPORT AttachmentBrokerPrivilegedWin
// If the HANDLE's destination is this process, queue it and notify the
// observers. Otherwise, send it in an IPC to its destination.
- void RouteDuplicatedHandle(const HandleWireFormat& wire_format);
+ // If the destination process cannot be found, |store_on_failure| indicates
+ // whether the |wire_format| should be stored, or an error should be emitted.
+ void RouteDuplicatedHandle(const HandleWireFormat& wire_format,
+ bool store_on_failure);
+
+ // Wire formats that cannot be immediately sent to the destination process
+ // because the connection has not been established. If, for some reason, the
+ // connection is never established, then the assumption is that the
+ // destination process died. The resource itself will be cleaned up by the OS,
+ // but the data structure HandleWireFormat will leak. If, at a later point in
+ // time, a new process is created with the same process id, the WireFormats
+ // will be passed to the new process. There is no security problem, since the
+ // resource itself is not being sent. Furthermore, it is unlikely to affect
+ // the functionality of the new process, since AttachmentBroker ids are large,
+ // unguessable nonces.
+ using WireFormats = std::vector<HandleWireFormat>;
+ std::map<base::ProcessId, WireFormats> stored_wire_formats_;
DISALLOW_COPY_AND_ASSIGN(AttachmentBrokerPrivilegedWin);
};
« no previous file with comments | « ipc/attachment_broker_privileged.h ('k') | ipc/attachment_broker_privileged_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698